
Subin Nakarmi
- CyberArk Implementation Engineer
- St. Petersburg, FL
- Member Since Apr 14, 2023
Subin Nakarmi
Professional Summary:
· Implementing the market's leading Privileged Access Management (PAM) solutions for enterprises.
· Very good experience in Installation and configuration of CyberArk Vault, Vault Client, Active CPM, Network load balanced CyberArk PVWA and Clustered CyberArk PSM Architecture and design.
· Configuration of multiple Privilege accounts across the organization and Administration of CyberArk.
· Involved Upgrade on CyberArk component on various servers and Setup Privileged password management Policies for CPM component.
· Good understanding of policies in CyberArk Central Policy Manager (CPM) and (PSM).
Education: Bachelor’s in computer science, Manipal University
Jabil, St. Petersburg, FL Sep 2017 to Present
CyberArk Implementation Engineer
Responsibilities:
· Led the implementation of CyberArk 9.9 with PVWA, CPM and PSM.
· Administration experience of Cyber Ark vault with Safe creation, integration with LDAP and other authentication methods.
· Extensively worked on PAM operational tasks, defining access control, user entitlements, management of Applications Credentials and User Access Policy.
· Worked on Privileged Access Reviews, Compliance Reporting, Access Control Processes and other associated tasks with Privileged User Management.
· Creating safes and adding users and groups to them for privileged access in CyberArk
· Worked on administering of User accounts, Group memberships, and Organizational Units using Active Directory.
· Extensive experience on Installation, configuration and troubleshooting of AIM clients for various teams.
· Extensively worked on Application Identity manager to securely facilitate access to privileged passwords in applications or configuration files.
· Migrate user accounts into Password Vault using Bulk upload utility.
· Monitor CyberArk reports and respond to failed password verification alerts and work with system account owners to resolve failure alerts.
· Ensure that all CyberArk accounts communicate with Servers and correct any discrepancies or errors that are found.
· Create CyberArk Safe's and add system and application id's to specified Safe vaults
· Retrieve CyberArk system/application password's and assist Database, Linux, Wintel, and Core Application Support teams when passwords are needed.
· Performed PAM Operational tasks defining Access Control, User Entitlements, Management of Applications Credentials and User Access Policy Management.
· Administration experience of Cyber Ark vault with Safe creation, integration with LDAP and other authentication methods
American Airlines, Dallas, TX Nov 2015 to Sep 2017
CyberArk Security Engineer
Responsibilities:
· Maintaining Active Directory groups and policies, Backups.
· Developed Architecture and Design for implementing CyberArk solution in distributed environment to manage application and service credentials.
· Experience in Privileged Access Management solutions particularly CyberArk, network security and administration.
· Installation and configuration of CyberArk Vault, Password Vault Web Access (PVWA), Central Password Manager (CPM) and Privileged Session Manager (PSM) in Prod and DR.
· Troubleshooting and maintenance of the Password Vault, Central Password Manager (CPM), Privileged Session Manager (PSM), Application Identity Manager(AIM), DR Vault in DR Server.
· Configurations including AD integration and Management of Cyber Ark Enterprise Password vault.
· Managed Safes ad Server/ host addresses in EPV. Resolved issues with CyberArk's CPM to communicate with hosts to reconcile credentials.
· Administration experience of Cyber Ark vault with Safe creation, integration with LDAP and other authentication methods.
· Installed, managed and troubleshot DNS in multiple zone environments. Troubleshot DNS integration with Active Directory. Installed, configured and administered WINS, DHCP, IIS and WSFTP, File and Print servers.
· Patching & Monitoring Vault, Central Password Manager, Two-factor authentication, Privileged Session Manager, Password Vault Web Access servers and services.
· Installed, managed and troubleshot DNS in multiple zone environments. Troubleshot DNS integration with Active Directory. Installed, configured and administered WINS, DHCP, IIS and WSFTP, File and Print servers.
· Identifies, diagnoses, and resolves problems for users of the personal computer or laptop software and hardware.
· Performed daily backup operations, ensuring all required file systems and system data are successfully backed up to the appropriate media, recovery tapes or disks are created, and media is recycled and sent off site as necessary.
· Created and performed backup of policies and Rules in Firewall.
· Provides one-on-one end-user problem resolution over the phone.
Ameriprise Financial, Minneapolis, MN Jun 2014 to Oct 2015
IAM Engineer
Responsibilities:
· Primary responsibilities include Installation and configuration of CyberArk Vault, Vault Client, Active CPM, Network load balanced CyberArk PVWA, Clustered CyberArk PSM and PSM SSH proxy Architecture and design.
· Managed and Administered all IAM and PAM technologies.
· Configuration of multiple Privilege accounts across the organization and Administration of CyberArk.
· Integration of window accounts, Unix accounts, Database, Network and Security Device.
· Experienced in day to day operational support in adding and deleting accounts, applying policies, assigning safes, synchronizing failed accounts, Password rotations.
· Implementation and create of web policies, password policies.
· Vault Back-up Management process, AD Configuration (User to connect AD) & Branches).
· Load Balancer architecture, Application Identity Manager Design, On-Demand Privileges Manager Design.
· Break Glass Access Management Process, Integration with other Systems (email configuration).
· Change Management Process Plan (OS, patch updates).
· Responsible for Create New User, Activate, enable user, group and OU account in Active Directory.
· Reconciliation, Password Synchronization, Service definition for Target System, Workflows and Integration of various target system privilege account integration.
· Managing User Accounts, Server Space & other Log files on servers and Maintaining Mail Accounts in Microsoft Office Outlook & Backup of Emails.
· Helping organization target architecture for infrastructure privileged access and the high-level requirements for the privileged access management solution.
· Implementing the strategy for infrastructure privileged access control in organization, and the drivers in terms of risk and regulatory control.
· Worked as Unix Administrator in IT infrastructure environment providing server administration, application administration and automation solutions to support business objectives
· Configured UNIX infrastructure, and supported RHEL (Linux) 3, 4, servers.
· Cyber-Ark as a platform for managing privileged access to infrastructure. An initial project is focusing on managing networking devices accounts. In parallel, analysis is ongoing.
Best Buy, Minneapolis, MN Mar 2013 to May 2014
CyberArk Consultant
Responsibilities:
· Involved Installation on CyberArk component on various servers and Setup Privileged password management Policies for CPM component.
· OPM and AIM provider Installations on PSM and testing for Installation Qualification and Involved in AD integration and adding a user to with their privileges.
· Creating safes and adding users and groups to them for privileged access in CyberArk and Creation of policies and Reports in PVWA.
· Installation and configuration of CyberArk Private Ark client and Private Ark server and CPM, PVWA, PSM, PSMP, DR.
· Good understanding of policies in CyberArk Central Policy Manager (CPM) and (PSM).
· Resolved CyberArk issue's in CPM to communicate with a host to reconcile credentials.
· Prepared tickets about the issue and informed to the higher specialists.
· Alerting DXB Bank to suspicious activity or instances observed on their networks, such as DDoS attempts, Cross-Site Scripting, or malware infections, then providing recommendations and solutions to handle them.
· Provided guidance in adding, removing, change and lifecycle of Privileged Identity Management (PIM) to provide the highest quality levels of Security.
· Retrieved CyberArk system and application password's and assist Database, Linux, and Core Application Support teams when passwords are needed.
· Good knowledge in Active Directory and Involved in AD integration and adding user to with their privileges.
Verizon, Basking Ridge, NJ May 2011 to Feb 2013
Tivoli Identity Manager
Responsibilities:
· Involved in Design Approach for Tivoli Identity Manager.
· Perform and Support Configuration Changes in Development and UAT Environments, perform and support all minor changes in production environment.
· Resolved Incidents/Requests raised by the Users related to their access issues.
· Created various object classes and attributes which are required in development process.
· Generated reports for TAM and Related applications.
· Develop and support Role Based Access Control (RBAC).
· Created and worked on Users, Groups, junctions, ACL's, POP's.
· Implemented UNIX host security on all servers based on industry standards.
· Worked on problem tickets (PMRs) with IBM to find effective solutions to various problems and performance issues in Test and production environments.
· Resolved issues in WAS and performance tuning.
· Implementation of SSO federation using SAML Authentication.
· Reconciliation of user accounts and adoption of user accounts to user identities.
· Used IDI script to notify users of password expiration date.